Skip to content

Test, bygg, deploy #901

Test, bygg, deploy

Test, bygg, deploy #901

Workflow file for this run

name: Test, bygg, deploy
on:
push:
workflow_dispatch:
schedule:
- cron: '0 6 * * 1' # bygg nytt image hver mandag morgen
jobs:
build:
name: Bygg
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
packages: write
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: '22'
registry-url: https://npm.pkg.github.com/
cache: 'npm'
- run: npm ci --omit=dev --omit=optional
env:
NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
working-directory: ./server
- run: npm ci
env:
NODE_AUTH_TOKEN: ${{ secrets.READER_TOKEN }}
- run: npm run test
- run: npm run lint
- run: npm run build
- run: npx @cyclonedx/cyclonedx-npm --package-lock-only --ignore-npm-errors --output-file sbom1.json
- run: npx @cyclonedx/cyclonedx-npm --package-lock-only --omit dev --ignore-npm-errors --output-file sbom2.json server/package.json
- run: jq -s '.[0] * .[1]' sbom1.json sbom2.json > sbom.merged.json
- uses: actions/upload-artifact@v4
with:
name: ${{ github.sha }}.bom.json
path: sbom.merged.json
- uses: nais/docker-build-push@v0
id: gar-push
with:
team: fager
salsa: false
tag: ${{ github.sha }}
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
- id: upload
uses: nais/deploy/actions/cdn-upload/v2@master
with:
team: fager
source: ./build/
destination: '/min-side-arbeidsgiver'
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
outputs:
image: ${{ steps.gar-push.outputs.image }}
digest: ${{ steps.gar-push.outputs.digest }}
salsa:
name: attest and sign image
needs: [ build ]
runs-on: ubuntu-latest
permissions:
id-token: write
steps:
- uses: nais/login@v0
id: login
with:
project_id: ${{ vars.NAIS_MANAGEMENT_PROJECT_ID }}
identity_provider: ${{ secrets.NAIS_WORKLOAD_IDENTITY_PROVIDER }}
team: fager
- uses: actions/download-artifact@v4
with:
name: ${{ github.sha }}.bom.json
path: ./
- uses: nais/attest-sign@v1
with:
image_ref: ${{ needs.build.outputs.image }}@${{ needs.build.outputs.digest }}
sbom: sbom.merged.json
deploy-dev-gcp:
needs: [ build ]
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
permissions:
id-token: write
steps:
- uses: actions/checkout@v4
- name: Deploy til dev-gcp
uses: nais/deploy/actions/deploy@v2
env:
CLUSTER: dev-gcp
RESOURCE: nais/dev-gcp.yaml
PRINT_PAYLOAD: true
VAR: commit=${{ github.sha }},image=${{ needs.build.outputs.image }}
deploy-prod-gcp:
needs: [ build ]
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
permissions:
id-token: write
steps:
- uses: actions/checkout@v4
- name: Deploy til prod-gcp
uses: nais/deploy/actions/deploy@v2
env:
CLUSTER: prod-gcp
RESOURCE: nais/prod-gcp.yaml
PRINT_PAYLOAD: true
VAR: commit=${{ github.sha }},image=${{ needs.build.outputs.image }}
deploy-prodlik-demo-gcp:
needs: [ build ]
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
permissions:
id-token: write
steps:
- uses: actions/checkout@v4
- name: Deploy prodlik demo til dev-gcp
uses: nais/deploy/actions/deploy@v2
env:
CLUSTER: dev-gcp
RESOURCE: nais/demo-prodlik.yaml
PRINT_PAYLOAD: true
VAR: commit=${{ github.sha }},image=${{ needs.build.outputs.image }}
deploy-devlik-demo-gcp:
needs: [ build ]
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
permissions:
id-token: write
steps:
- uses: actions/checkout@v4
- name: Deploy dev-lik demo til dev-gcp
uses: nais/deploy/actions/deploy@v2
env:
CLUSTER: dev-gcp
RESOURCE: nais/demo-devlik.yaml
PRINT_PAYLOAD: true
VAR: commit=${{ github.sha }},image=${{ needs.build.outputs.image }}